https://live.paloaltonetworks.com/t5/advanced-threat-prevention/we-have-enabled-ssl-inbound-decryption-and-able-to-exploit-the/m-p/326557#M808 <P>Sounds like a false negative, but the forum is not the right place to troubleshoot this. Please open a Support case. You will be asked to provide the exploit PoC, a packet capture of the attack (capture it from the client side) and supporting evidence that SSL decryption is working properly (detailed traffic log view showing the decrypted application normally detected and readable by the firewall).</P> Wed, 06 May 2020 23:26:21 GMT mivaldi 2020-05-06T23:26:21Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/we-have-enabled-ssl-inbound-decryption-and-able-to-exploit-the/m-p/326341#M805 <P>&nbsp;</P><P>We have ssl inbound &nbsp;decryption configured &nbsp;and from outside we are able to exploit the vulnerabilty.</P><P>Need to know why PA allows the connection for that signature.</P><P>&nbsp;</P><P>Vul &nbsp;threat id is 57230</P><P>&nbsp;</P><P>Name Telerik Web UI</P> Wed, 06 May 2020 12:53:38 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/we-have-enabled-ssl-inbound-decryption-and-able-to-exploit-the/m-p/326341#M805 MP18 2020-05-06T12:53:38Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/we-have-enabled-ssl-inbound-decryption-and-able-to-exploit-the/m-p/326557#M808 <P>Sounds like a false negative, but the forum is not the right place to troubleshoot this. Please open a Support case. You will be asked to provide the exploit PoC, a packet capture of the attack (capture it from the client side) and supporting evidence that SSL decryption is working properly (detailed traffic log view showing the decrypted application normally detected and readable by the firewall).</P> Wed, 06 May 2020 23:26:21 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/we-have-enabled-ssl-inbound-decryption-and-able-to-exploit-the/m-p/326557#M808 mivaldi 2020-05-06T23:26:21Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/we-have-enabled-ssl-inbound-decryption-and-able-to-exploit-the/m-p/327088#M811 <P>I agree we have opened the case with PA for 10 days as per them decryption is working as expected.</P><P>They are looking into this vulnerability as we can exploit the signature.</P> Fri, 08 May 2020 19:19:56 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/we-have-enabled-ssl-inbound-decryption-and-able-to-exploit-the/m-p/327088#M811 MP18 2020-05-08T19:19:56Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/we-have-enabled-ssl-inbound-decryption-and-able-to-exploit-the/m-p/333544#M855 <P>PA is still searching on this.</P> Mon, 15 Jun 2020 21:41:05 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/we-have-enabled-ssl-inbound-decryption-and-able-to-exploit-the/m-p/333544#M855 MP18 2020-06-15T21:41:05Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/we-have-enabled-ssl-inbound-decryption-and-able-to-exploit-the/m-p/334495#M863 <P>Seems Palo Alto did the content upgrade on their end recently and now we see that signature is blocking the traffic.</P> Sun, 21 Jun 2020 16:04:15 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/we-have-enabled-ssl-inbound-decryption-and-able-to-exploit-the/m-p/334495#M863 MP18 2020-06-21T16:04:15Z